About searx #1634
I feel the issue #1228 as become "what is the future of searx ?"
To answer that question, I would like to list some of the important topics to show that the searx maintenance is a full time job.
Disclaimer : it is only my opinion as an individual.
Engines keep stop working
It is a recurrent endless task.
How to install searx ?
You can pick an answer according to the day of the month:
This doesn't help the next topic: Security.
Security & Privacy.
There is always the risk of tracking and/or malicious code getting into the results since searx fetches content from elsewhere (and the web living standard ).
searx is really interesting for some people to harvest data. Sooner or later an new searx instance will be found and hammered with bot requests. Since there are a lot of different ways to install searx, it's not easy to give recommendations. Moreover, currently the reverse proxy filtron doesn't provide a good default configuration, and is not referenced in the searx documentation.
Note the dealing with bots problem means keep a state somewhere (for example : keep in memory, the number of request per minute and per IP address).
The last but not the least: Trust.
What about the logs? For example, when there is an error in an engine (timeout, whatever), the requested url may be logged.
 Some instance store the results in a temporary cache, and may use proxies to send the requests to the actual search engines.
Okay. So what to do?
In my opinion, searx fits in to this CHATONS initiative :
Each host (named kitten) may have different services (etherpad, wallabag, zerobin, etc), and different policy.
I know that most of people won't agree to do that.
One size won't fit all
The searx-docker project has been created to find an intermediate solution :
The second step is the Embedded searx-checker so an user can clearly see what engines are not working.
After that, the user experience will be better. Of course, if during this time most of the engines stop working, it won't be useful.
i recommend to put it in readme
this can be easier when there is issue template
user have to do some checklist, before reporting it. it sure take more time but it will be easier to debug/help by other contributor
it can be split into several category. what i can think of for example issue for searx engine, searx instance and actual searx issue
related to reporting issue from searx instance
while there is this line
maybe put commit hash like how danbooru did (
also maybe report page, which is just page between searx instance and searx github issue page, which contain required info of that searx instance (simple text with copy to clipboard button).
installation: imo better to stick to few method and let maintainer do the rest.
searx instance: maybe list some searx instance that include on second (modify link) and third category (adding tracking)
embedded searx checker: i recommend to add github issue link and maybe possible pr related to that engine
About "better to stick to few (installation) methods"
I think that one of the reason why searx became popular is the numberous blog posts on "how to install searx" (search for
About the version number
I agree, the 0.15.0 is meaningless right now. But the lack of routine maintenance is also a reason.
BTW right now, stats.searx.xyz doesn't recognize this version schema.
About searx instance list
The first instance list was made by @pointhi in September 2016 : https://github.com/pointhi/searx_stats
Having an API to get all the searx instance would be nice, it would help https://searx.neocities.org/ , https://searxes.eu.org/ and especially Android applications. I know the wiki page can be parsed as most probably stats.searx.xyz does.
What ever the tool, what information can [not] be automatically gather from each instances:
Doing the two last points means that the list will point at all the instances that have been hack in the good way. To sum up, it requires regular manually reviews.
... and sum up of sum up: it's balance between customization / privacy / usable:
Security & Privacy
Just to reference the issue #715 : should searx emits the Content-Security-Policy headers ?
Python and Golang are on the same boat
Disclaimer: I'm far from being a Python expert, I'm may be wrong
Another point about the current implementation:
That's on reason searx-docker exists : combine all these different tools and configuration in point central point, even if it is not deployed but at least used a documentation reference.
(sorry for the syntax & grammar errors)
Could there be some kind of user review of each searx instances with for example the ability to note with stars just like on TripAdvisor or other e-commerce websites? Instead of implementing some complex algorithms that will detect if an instance has been badly modified and probably introduce loads of false positive.
So the question is what are the criterion ?
Should we talk about that in another issue to avoid creating too much comments on this important issue?
I would also add to this issue that we need to cleanup the github repository by closing outdated and fixed issues or if the issue is still present add label(s) to it. Moreover review old pull requests that haven't been merged and deal with them by either closing it or ask the author to make changes if needed.